Thursday, April 15, 2010

Password Protection

Internet security firm Imperva of Redwood Shores, Calif., recently analyzed 32 million passwords that were exposed in a security breach at an online company in December 2009. The firm not only identified the most common passwords but also suggested effective methods for creating secure ones.

The hacker in this 2009 breach posted only the members' passwords to the Internet and was more interested in exposing the company's lax security. If complete usernames, email addresses and passwords had been revealed, the ultimate damage could have been devastating. The reason: many people use the same username and password for all online dealings, including banking. Imperva reported that the five most common passwords were: 1234, 12345, 123456789, password and iloveyou.

It seems that little has changed over the last 20 years. A review of the 1990 study of Unix password selections found remarkable similarities to the passwords revealed by this recent security breach. The study revealed that about 50 percent of the users had the same username and password for access to multiple Web sites. Just 10 years ago, hacked Hotmail passwords showed the same password selection tendencies among users.

Short, simple passwords make users susceptible to very basic password attacks. As hackers continue to rapidly adopt smarter password cracking software, consumers and companies will be at greater risk.

Imperva recommends that passwords contain at least eight characters and a mix of four different types of characters (upper case, lower case, numbers and symbols). A password should not be a name or a word, and should not contain any part of an email address.
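The recommendation above, written as a checker that reports which rule a candidate password breaks. This is an added example, not code from Imperva or from the original post; the function names, the small `SAMPLE_WORDS` list (a stand-in for a real dictionary and name list) and the three-character minimum for email fragments are assumptions.

```python
import re
import string

# The five most common passwords quoted in the article.
COMMON = {"1234", "12345", "123456789", "password", "iloveyou"}
# Constructed sample entries; a real deployment would load a full word/name list.
SAMPLE_WORDS = {"dragon", "monkey", "michael", "sunshine"}
MIN_LENGTH = 8


def email_parts(email, min_len=3):
    """Lowercase tokens of an address (local-part pieces and domain labels)."""
    tokens = re.split(r"[^a-z0-9]+", email.lower())
    return {t for t in tokens if len(t) >= min_len}


def check_password(password, email, words=SAMPLE_WORDS):
    """Return the list of rule violations; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    # All four character types must be present.
    classes = {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing_" + "_".join(missing))
    if lowered in COMMON:
        problems.append("common_password")
    # Strip leading/trailing digits and symbols so that a word with a
    # suffix such as "Dragon2010!" is still recognised as a word.
    core = re.sub(r"[^a-z]+$", "", re.sub(r"^[^a-z]+", "", lowered))
    if core in words or lowered in words:
        problems.append("name_or_word")
    if any(part in lowered for part in email_parts(email)):
        problems.append("contains_email_part")
    return problems
```

A password such as `Dragon2010!` satisfies the length and character-mix rules but still fails the word rule, which is why the two checks are kept separate.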